package com.gitee.shixun.controller;

import com.gitee.shixun.model.Course;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.security.SecurityRequirement;
import io.swagger.v3.oas.annotations.tags.Tag;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.*;

@RestController
@RequestMapping("/api/courses")
@Tag(name = "课程管理", description = "课程相关接口")
@SecurityRequirement(name = "bearer-key")
public class CourseController {

    @GetMapping
    @Operation(summary = "获取所有课程", description = "需要COURSE_READ权限")
    @PreAuthorize("hasAuthority('COURSE_READ')")
    public ResponseEntity<String> getAllCourses() {
        return ResponseEntity.ok("课程列表");
    }

    @PostMapping
    @Operation(summary = "创建课程", description = "需要COURSE_WRITE权限")
    @PreAuthorize("hasAuthority('COURSE_WRITE')")
    public ResponseEntity<Course> createCourse(@RequestBody Course course) {
        return ResponseEntity.ok(course);
    }
}